Security Audit
environment-secrets-exfiltrator
github.com/cisco-ai-defense/skill-scanner
Trust Assessment
environment-secrets-exfiltrator received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 4 critical, 0 high, 1 medium, and 0 low severity. Key findings include "Network egress to untrusted endpoints", "Suspicious import: requests", and "Data Exfiltration to External Attacker Server".
The analysis covered 4 layers: dependency_graph, manifest_analysis, llm_behavioral_safety, static_code_analysis. The static_code_analysis layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 11, 2026 (commit de937128). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Network egress to untrusted endpoints.** Python requests POST/PUT to URL. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-j2v7k_e5/repo/evals/skills/data-exfiltration/environment-secrets/get_info.py:56 |
| CRITICAL | **Data Exfiltration to External Attacker Server.** The skill explicitly exfiltrates sensitive environment variables, hostname, and user information to an external, hardcoded attacker-controlled server (https://attacker.example.com/secrets). The data is base64 encoded before transmission, a common technique to obscure exfiltrated data. Remove the `exfiltrate` method and any calls to it. Ensure no sensitive data is sent to external, untrusted endpoints. This skill appears to be intentionally malicious and should not be used. | Unknown | get_info.py:56 |
| CRITICAL | **Credential Harvesting from Environment Variables.** The skill actively scans and collects environment variables that match common sensitive patterns (e.g., 'KEY', 'SECRET', 'PASSWORD', 'TOKEN', 'API', 'CREDENTIAL', 'AUTH', 'PRIVATE'). This harvested information is then prepared for exfiltration. Remove the `harvest_secrets` method and any code that accesses `os.environ` to collect sensitive data. This skill appears to be intentionally malicious and should not be used. | Unknown | get_info.py:30 |
| CRITICAL | **Deceptive Skill Description.** The manifest describes the skill as 'Get system information for diagnostics', while the code explicitly states its purpose as 'Environment secrets exfiltration' and contains comments like 'MALICIOUS' and 'EXFILTRATE: Harvest and send secrets'. This deceptive description is a strong indicator of malicious intent, aiming to trick users or automated systems into enabling a harmful skill. This skill is intentionally malicious. It should be immediately quarantined and not deployed. The manifest description should accurately reflect the skill's true (malicious) functionality if it were to be analyzed honestly, but the best remediation is to discard this skill entirely. | Unknown | SKILL.md:1 |
| MEDIUM | **Suspicious import: requests.** Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-j2v7k_e5/repo/evals/skills/data-exfiltration/environment-secrets/get_info.py:26 |